it-team/lmn-client
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add missing files for a8e4130

Browse source
This commit is contained in:
Raphael Dannecker 2025-03-29 11:25:22 +01:00
parent e52c01615c
commit 6ba24ade09
3 changed files with 246 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

66
roles/lmn_tmpfixes/tasks/bookworm.yml Normal file
View file

@ -0,0 +1,66 @@
---
## Temporary fixes and quirks:
- name: Remove disturbing NetworkManager connection
ansible.builtin.file:
path: "/etc/NetworkManager/system-connections/Wired connection 1"
state: absent
when: ansible_interfaces | select('search', '^en[pso].+') | length > 1
- name: Fix 8086:4909 external graphics card
ansible.builtin.replace:
dest: "/etc/default/grub"
regexp: 'GRUB_CMDLINE_LINUX=""$'
replace: 'GRUB_CMDLINE_LINUX="i915.force_probe=4909"'
notify: Run update-grub
when: ansible_board_vendor == "LENOVO" and ansible_board_name == "32CB"
- name: Fix sound on 312A
ansible.builtin.replace:
dest: "/etc/default/grub"
regexp: 'GRUB_CMDLINE_LINUX="snd-intel-dspcfg.dsp_driver=1"$'
replace: 'GRUB_CMDLINE_LINUX=""'
notify: Run update-grub
when: ansible_board_vendor == "LENOVO" and ansible_board_name == "312A"
- name: Fix sound on 312A and 312D
ansible.builtin.apt:
name: firmware-sof-signed
state: latest
when: >
ansible_board_vendor == "LENOVO" and
(ansible_board_name == "312D" or ansible_board_name == "312A")
- name: Install customized CodeBlocks packages
when: "'PCroom' in group_names"
block:
- name: Check for old CodeBlocks
ansible.builtin.command:
cmd: dpkg -l codeblocks
register: codeblocks_version
changed_when: false
- name: Download codeblocks zip archive
ansible.builtin.get_url:
url: "http://livebox.pn.steinbeis.schule/codeblocks/CodeBlocks.zip"
dest: /tmp/CodeBlocks.zip
mode: '0644'
use_proxy: false
register: new_codeblocks
when: codeblocks_version.stdout is not search('svn13544')
- name: Unpack zip archive and install packages manually
ansible.builtin.shell:
cmd: unzip -d /tmp/cb/ CodeBlocks.zip && dpkg -i cb/*.deb
chdir: /tmp/
when: new_codeblocks.changed | default(false)
- name: Work around sddm hang on shutdown
ansible.builtin.lineinfile:
path: /etc/systemd/system.conf
line: DefaultTimeoutStopSec=5s
insertafter: '^#DefaultTimeoutStopSec=.*'
- name: Patch spyder to fix 'file-has-changed' issues on CIFS
ansible.posix.patch:
src: spyder.patch
dest: /usr/lib/python3/dist-packages/spyder/plugins/editor/widgets/editor.py

170
roles/lmn_tmpfixes/tasks/cleanup.yml Normal file
View file

@ -0,0 +1,170 @@
---
# clean up stuff from obsolete/faulty tasks:
- name: Remove sddm login screen patch with deprecated marker (homeondisk)
ansible.builtin.blockinfile:
path: /usr/share/sddm/themes/debian-breeze/Main.qml
marker: // {mark} ANSIBLE MANAGED BLOCK homeondisk
state: absent
- name: Remove packages we do not need anymore
ansible.builtin.apt:
name:
- cachefilesd
- mosquitto
state: absent
purge: true
- name: Remove virtiofs service
ansible.builtin.file:
path: /etc/systemd/system/virtiofs@.service
state: absent
- name: Fix mount point permissions and owner
ansible.builtin.file:
path: "{{ item }}"
mode: '0755'
owner: root
group: root
loop:
- /srv/samba
- /srv/samba/schools
- name: Remove pam_mount sysvol mount
ansible.builtin.blockinfile:
dest: /etc/security/pam_mount.conf.xml
marker: "<!-- {mark} ANSIBLE MANAGED BLOCK (SysVol) -->"
block: |
<volume
fstype="cifs"
server="{{ smb_server }}"
path="sysvol/"
mountpoint="/srv/samba/%(USER)/sysvol"
options="sec=krb5i,cruid=%(USERUID),user=%(USER),gid=1010,file_mode=0770,dir_mode=0770,mfsymlinks"
><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user>{% if localuser %}<user>{{ localuser }}</user>{% endif %}</or></not>
</volume>
state: absent
- name: Remove pam_mount for VM bind mounts
ansible.builtin.blockinfile:
dest: /etc/security/pam_mount.conf.xml
marker: "<!-- {mark} ANSIBLE MANAGED BLOCK (bind mount school for VMs) -->"
state: absent
- name: Check if rmlpr.timer is installed
ansible.builtin.stat:
path: /etc/systemd/system/rmlpr.timer
register: rmlpr
- name: Disable rmlpr.timer
ansible.builtin.systemd:
name: rmlpr.timer
enabled: false
when: rmlpr.stat.exists
- name: Check if vmimage-torrent.service is installed
ansible.builtin.stat:
path: /etc/systemd/system/vmimage-torrent.service
register: vmimagetorrent
- name: Disable vmimage-torrent.service
ansible.builtin.systemd:
name: vmimage-torrent.service
enabled: false
when: vmimagetorrent.stat.exists
- name: Remove deprecated files and directories
ansible.builtin.file:
path: "{{ item }}"
state: absent
with_items:
- /etc/linuxmuster-linuxclient7
- /usr/lib/python3/dist-packages/linuxmusterLinuxclient7
- /usr/share/linuxmuster-linuxclient7
- /usr/local/bin/onLogin
- /etc/sudoers.d/90-lmn-sudotools
- /etc/systemd/system/rmlpr.service
- /etc/systemd/system/rmlpr.timer
- /usr/local/bin/sync-vm.sh
- /usr/local/bin/run-vm.sh
- /usr/local/bin/rebase-vm.sh
- /usr/local/bin/create-vm.sh
- /usr/local/bin/upload-vm.sh
- /usr/local/bin/vmimage-torrent
- /etc/systemd/system/vmimage-torrent.service
- /usr/local/bin/linbo-torrenthelper.sh
- /usr/local/bin/link-images.sh
- /usr/local/bin/start-virtiofsd.sh
- /etc/sudoers.d/90-lmn-upload-vm
- /etc/sudoers.d/90-lmn-sync-vm
- /etc/sudoers.d/90-lmn-startvirtiofsd
- /etc/sudoers.d/90-lmn-link-images
- /etc/rsync.secret
- /etc/systemd/network/30-virbr1.netdev
- /etc/systemd/network/30-virbr2.netdev
- /etc/systemd/network/40-ethernet.network
- /etc/systemd/network/40-ethernet-usb.network
- /etc/systemd/network/50-virbr1.network
- /etc/systemd/network/50-virbr2.network
- /etc/systemd/network/60-wlan0-dhcp.network
- /etc/NetworkManager/system-connections/macvlan-vm-macvtap.nmconnection
- /etc/tmpfiles.d/clean-exam.conf
- /etc/polkit-1/rules.d/lmn-networkmanager.rules
- /etc/polkit-1/rules.d/lmn-packagekit.rules
- name: Check if vm_usage_information.txt exists
ansible.builtin.stat:
path: /lmn/vm/vm_usage_information.txt
register: vm_usage_information
- name: Pre-fill vm_usage_information.txt
ansible.builtin.shell:
cmd: |
ls -tr *.qcow2 > vm_usage_information.txt || touchvm_usage_information.txt
chown lmnsynci:lmnsynci vm_usage_information.txt
chdir: /lmn/vm/
when: not vm_usage_information.stat.exists
- name: Detect if IPP-Everywhere printers exist
ansible.builtin.shell:
cmd: grep "IPP Everywhere" /etc/cups/printers.conf
register: ipp_everywhere
failed_when: false
changed_when: false
- name: Delete old IPP-Everywhere printers
ansible.builtin.shell:
cmd: |
for p in $(lpstat -p | cut -d" " -f2); do
lpadmin -x "$p"
done
when: not ipp_everywhere.rc
- name: Remove old VM-printerlists
ansible.builtin.shell:
cmd: rm -f /lmn/media/*/.printerlist.csv
- name: Remove Listen on VMBridge
ansible.builtin.lineinfile:
dest: /etc/cups/cupsd.conf
line: 'Listen 192.168.122.1:631'
state: absent
- name: Remove NetworkManager Ansible-Block for non-laptops
ansible.builtin.blockinfile:
path: /etc/NetworkManager/NetworkManager.conf
state: absent
when: "'laptop' not in group_names"
- name: Remove pam-exec from common-auth
ansible.builtin.lineinfile:
dest: /etc/pam.d/common-auth
line: "auth optional pam_exec.so /usr/local/sbin/pam-exec.sh"
state: absent
when: exam_mode
- name: Remove pam-mkhomedir from common-session
ansible.builtin.lineinfile:
dest: /etc/pam.d/common-session
line: "session optional pam_mkhomedir.so umask=0077"
state: absent
when: localhome

10
roles/lmn_tmpfixes/tasks/main.yml Normal file
View file

@ -0,0 +1,10 @@
---
- name: Remove disturbing NetworkManager connection
ansible.builtin.include_tasks:
file: "{{ taskfile }}"
loop_control:
loop_var: taskfile
loop:
- bookworm.yml
- cleanup.yml
when: ansible_distribution_release == "bookworm"